Crypto Thieves Steal Solana via Hidden Chrome Extensions

We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details.

The latest threat targeting cryptocurrency users has emerged with surgical precision, and it’s happening in your browser.

This is a sophisticated attack method where malicious Chrome extensions are injecting hidden transfer fees into legitimate Solana transactions, allowing criminals to siphon funds without users even realizing they’ve been robbed.

Socket researchers identified the extension. What makes this attack particularly insidious is that victims sign the transactions themselves, completely unaware that hidden transfer instructions have been embedded within legitimate Raydium and Jupiter operations.

The details

Socket’s Threat Research Team has outlined all the details.

It discovered the malicious Chrome extension Crypto Copilot, published on June 18, 2024, which markets itself as a tool to “execute trades instantly ...